32 frameworks. Every one mapped to platform capability.
Pratvi AI is built to support a deep portfolio of regulatory frameworks — across healthcare, finance, privacy, AI-specific regulations, and sectoral rules. "Support" means platform capability exists in the codebase today; it does not imply certification.
Healthcare
HIPAA
Health Insurance Portability and Accountability Act
Privacy and security rules for protected health information. Pratvi supports BAA-bound processing, audit trails per §164.312(b), and breach-notification workflows.
HITRUST CSF
HITRUST Common Security Framework
Healthcare-focused control framework integrating HIPAA, NIST, ISO, and other standards.
CMS-0057-F
CMS Interoperability and Prior Authorization Final Rule
Turnaround-time tracking for prior authorization decisions — supported via audit-trail timing analysis.
FDA AI/ML SaMD
FDA AI/ML-Based Software as a Medical Device Action Plan
Predetermined change control plans for AI/ML medical devices; lifecycle audit support.
21 CFR Part 11
FDA 21 CFR Part 11 — Electronic Records and Signatures
Audit trail integrity for electronic records — SHA-256 hash chain satisfies tamper-evidence requirement.
FHIR R4 AuditEvent
HL7 FHIR R4 AuditEvent Resource
Healthcare interoperability standard for audit logs — exportable from Pratvi.
Financial Services
NAIC Model Bulletin
NAIC Model Bulletin on the Use of AI by Insurers
State insurance commissioners' framework for governing AI in insurance — mapped to inventory, bias, and decision audit modules.
SR 11-7
Federal Reserve SR 11-7 — Model Risk Management
Conceptual soundness, ongoing monitoring, outcomes analysis, and independent validation — all supported by the platform.
OCC 2011-12
OCC Bulletin 2011-12 — Supervisory Guidance on Model Risk Management
For OCC-supervised banks; same model-validation principles as SR 11-7.
ECOA
Equal Credit Opportunity Act (Regulation B)
Adverse-action notices within 30 days; 4/5ths-rule disparate-impact monitoring.
FCRA
Fair Credit Reporting Act
Adverse-action notices on credit-based decisions, with credit-score disclosure.
GLBA Safeguards
Gramm-Leach-Bliley Act Safeguards Rule (16 CFR 314)
Information security program required for financial institutions; 72-hour security-event notification supported.
BSA/AML
Bank Secrecy Act / Anti-Money Laundering
5-year decision-record retention for AML AI; pattern-review audit trail.
HMDA
Home Mortgage Disclosure Act
Mortgage-decision reporting; AI-driven origination subject to fair-lending review.
Colorado SB21-169
Colorado SB21-169 — Restrict Insurers' Use of External Consumer Data
Prohibits insurers' use of external consumer data, algorithms, and predictive models that unfairly discriminate on protected characteristics. Insurers must test models for disparate impact — mapped to the bias-assessment module and model inventory.
Privacy & Data Protection
GDPR
EU General Data Protection Regulation
Articles 5, 6, 15, 17, 22, 28, 30, 32, 33, 35 supported. Includes Article 22 automated-decision human-oversight checks and Article 35 DPIA workflows.
FERPA
Family Educational Rights and Privacy Act
Student-record privacy for higher-ed AI.
CCPA / CPRA
California Consumer Privacy Act / California Privacy Rights Act
California consumer rights including automated-decision opt-out.
UK GDPR
United Kingdom General Data Protection Regulation
UK adaptation of EU GDPR; ICO supervision.
AI-Specific
EU AI Act
EU Artificial Intelligence Act (Regulation 2024/1689)
Risk classification (prohibited / high-risk / limited / minimal), Article 9 risk management, Article 10 data governance, Article 13 transparency, Article 14 human oversight, Article 52 LLM transparency notices.
NIST AI RMF 1.0
NIST AI Risk Management Framework 1.0
Govern, Map, Measure, Manage functions — the platform's structural backbone.
ISO/IEC 42001
ISO/IEC 42001 — AI Management System
Management-system standard for AI; controls map to inventory, governance, and lifecycle modules.
OMB M-24-10
OMB Memorandum M-24-10 — Federal Agency AI Use
AI inventories and impact assessments for federal agencies.
Colorado AI Act
Colorado SB24-205 — Consumer Protections for Artificial Intelligence
Duties of care for developers and deployers of high-risk AI systems making consequential decisions, to prevent algorithmic discrimination. Supported via inventory risk-tiering, bias testing, and impact-assessment workflows. Effective June 30, 2026.
Texas TRAIGA
Texas Responsible Artificial Intelligence Governance Act (HB 149)
Governs government-agency AI use with disclosure duties and prohibits manipulative or discriminatory AI practices. Supported via inventory, prohibited-use risk classification, and governance controls. Effective January 1, 2026.
Security & Infrastructure
ISO/IEC 27001
ISO/IEC 27001 — Information Security Management
Information security baseline. Pratvi controls are aligned but not externally certified.
SOC 2
SOC 2 Type II Trust Services Criteria
Targeting a Type II audit 12 months after GA. Controls implemented; audit not yet performed.
CMMC 2.0
Cybersecurity Maturity Model Certification 2.0
DoD contractor cybersecurity controls — Pratvi supports L2/L3 control mapping.
NERC CIP
North American Electric Reliability Corporation Critical Infrastructure Protection
Bulk Electric System cyber rules; CIP-013 supply-chain controls for AI vendors.
Sectoral & Other
ITAR
International Traffic in Arms Regulations
Controlled-data segregation in training pipelines.
DFARS 7012
DFARS 252.204-7012 — Safeguarding Covered Defense Information
72-hour cyber incident reporting; CUI handling.
NYC Local Law 144
NYC Local Law 144 of 2021 — Automated Employment Decision Tools
Requires an independent annual bias audit of automated employment decision tools (AEDTs) and public disclosure of adverse-impact ratios. Mapped to the bias-assessment module's 4/5ths disparate-impact analysis.
Need coverage for a framework we haven't listed?
The compliance engine is extensible. Tell us what governs your AI and we'll evaluate adding it.